Module documentation for 1.3.9

This provides a high-level implementation of a sensitive security protocol,
eliminating a common set of security issues through the use of the advanced
type system, high level constructions and common Haskell features.

Currently implement the SSL3.0, TLS1.0, TLS1.1 and TLS1.2 protocol,
and support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key exchanges,
and many extensions.

Cipher list ciphersuite_medium is now deprecated, users are advised to use
ciphersuite_default or ciphersuite_strong. List ciphersuite_all is kept
for compatibility with old servers but this is discouraged and generates a
warning (this includes RC4 ciphers, see #153
for reference).

Support for NPN (Next Protocol Negotiation) has been removed. The replacement
is ALPN (Application-Layer Protocol Negotiation).

Data type SessionData now contains fields for compression algorithm and
client SNI. A SessionManager implementation that serializes/deserializes
SessionData values must deal with the new fields.

Module Network.TLS exports a type alias named Bytes which is now deprecated.
The replacement is to use strict ByteString directly.

Version 1.3.0

Version 1.2.18

fix handling of DHE ciphers with MS SSL stack that serialize leading zero.

Version 1.2.17

Fix an issue of type of key / hash that prevented connection with SChannel.

Version 1.2.16

Fix an issue with stream cipher not correctly calculating the internal state,
resulting systematically in bad record mac failure during handshake

Version 1.2.15

support chain certificate in credentials

Version 1.2.14

adding ALPN extension

adding support for AEAD, and particularly AES128-GCM

Adding support for ECDH

Do not support SSL3 by default for security reason.

add EnumSafe8 and 16 for specific sized Enum instance that are safer

export signatureAndHash parser/encoder

add a "known" list of extensions

add SignatureAlgorithms extension

add Heartbeat extension

add support for EC curves and point format extensions

add preliminary SessionTicket extension

Debug: Add the ability to choose arbitrary cipher in the client hello.

Version 1.2.13

Fix compilation with old mtl version

Version 1.2.12

Propagate asynchronous exception

Version 1.2.11

use hourglass instead of time

use tasty instead of test-framework

add travis file

remove old de-optimisation flag as the bytestring bug is old now and it conflict with cabal check

Version 1.2.10

Update x509 dependencies

Version 1.2.9

Export TLSParams and HasBackend type names

Added FlexibleContexts flag required by ghc-7.9

debug: add support for specifying the timeout length in milliseconds.

debug: add support for 3DES in simple client

Version 1.2.8

add support for 3DES-EDE-CBC-SHA1 (cipher 0xa)

Version 1.2.7

repair retrieve certificate validation, and improve fingerprints

remove groom from dependency

make RecordM an instance of Applicative

Fixes the Error_EOF partial pattern match error in exception handling

Version 1.2.6 (23 Mar 2014)

Fixed socket backend endless loop when the server does not close connection
properly at the TLS level with the close notify alert.

Catch Error_EOF in recvData and return empty data.

Version 1.2.5 (23 Mar 2014)

Fixed Server key exchange data being parsed without the correct
context, leading to not knowing how to parse the structure.
The bug happens on efficient server that happens to send the ServerKeyXchg
message together with the ServerHello in the same handshake packet.
This trigger parsing of all the messages without having set the pending cipher.
Delay parsing, when this happen, until we know what to do with it.